- Homepage: http://www.sans.org/
August 2006: "SANS is the most trusted and by far the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - Internet Storm Center.
The SANS (SysAdmin, Audit, Network, Security) Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals around the world. A range of individuals from auditors and network administrators, to chief information security officers are sharing the lessons they learn and are jointly finding solutions to the challenges they face. At the heart of SANS are the many security practitioners in varied global organizations from corporations to universities working together to help the entire information security community.
Many of the valuable SANS resources are free to all who ask. They include the very popular Internet Storm Center (the Internet's early warning system), the weekly news digest (NewsBites), the weekly vulnerability digest (@RISK), flash security alerts and more than 1,200 award-winning, original research papers." http://www.sans.org/about/sans.php
March 2013: '“The attacks have changed from espionage to destruction,” said Alan Paller, director of research at the SANS Institute, a cybersecurity training organization. “Nations are actively testing how far they can go before we will respond.”' http://www.nytimes.com/2013/03/29/technology/corporate-cyberattackers-possibly-state-backed-now-seek-to-destroy-data.html
February 2010: "The group, led by the SANS Institute and Mitre, later today is slated to release draft language for use in procurement contracts between user organizations and software development firms." http://www.infoworld.com/d/developer-world/hold-vendors-liable-buggy-software-security-experts-say-618
February 2010: "And if the prospect of being bankrupted by medical bills wasn't frightening enough, add the increasingly hostile legal climate surrounding the software development profession. In response to all-too-common reports of software bugs and security breaches, some organizations have begun lobbying for contractual language that makes software developers accountable for any defects in their code. For example, the SANS Institute has proposed a detailed contract that would require developers to certify that they had received appropriate training, observed any and all security procedures deemed necessary, and that their code was free of defects to the best of their knowledge, among other clauses." http://www.infoworld.com/d/developer-world/fixing-independent-programmers-no-win-scenario-764
August 2007: One answer may be the sheer complexity of major infrastructure systems: Though SCADA computers have weak external security, controlling them takes engineering expertise. Most hackers could only gain enough control to create the fear that they're capable of something worse, says Alan Paller, director of the SANS Institute. http://www.forbes.com/2007/08/22/scada-hackers-infrastructure-tech-security-cx_ag_0822hack.html
| Role | Name | Type | Last Updated |
| --- | --- | --- | --- |
| Organization Executive (past or present) | Alan Paller | Person | Aug 26, 2007 |
Articles and Resources
| Date | Fairness.com Resource | Read it at: |
| --- | --- | --- |
| Mar 28, 2013 | Cyberattacks Seem Meant to Destroy, Not Just Disrupt. QUOTE: an intensifying campaign of unusually powerful attacks on American financial institutions that began last September and have taken dozens of them offline intermittently, costing millions of dollars....Corporate leaders have long feared online attacks aimed at financial fraud or economic espionage, but now a new threat has taken hold: attackers, possibly with state backing, who seem bent on destruction. | New York Times |
| Feb 25, 2010 | Fixing independent programmers' no-win scenario: A hostile business climate is stifling entrepreneurship in software development, and the U.S. economy pays the price. QUOTE: certain classes of workers, including anyone who engages as a "computer programmer, systems analyst, or other similarly skilled worker engaged in a similar line of work," are considered de facto employees for tax purposes...The IRS can impose significant tax penalties on companies who hire such workers as contractors rather than full employees, a fact that can make it extremely difficult for self-employed programmers to find work. | InfoWorld |
| Feb 16, 2010 | Hold vendors liable for buggy software, security experts say: Consortium led by SANS Institute, Mitre also releases 2010 list of Top 25 programming errors. QUOTE: The document provides user companies with a list of specific terms and conditions that should be included in procurement contracts to ensure that vendors are adhering to a strict set of software development security standards. In sum, the draft contract would leave development firms liable for software defects. | InfoWorld |
| Sep 16, 2009 | Cybersecurity - or lack thereof - alarms experts. QUOTE: Government entities and commercial organizations are failing to protect themselves effectively in the areas in which they are most vulnerable. | San Francisco Chronicle |
| Nov 08, 2008 | Extortion Used in Prescription Data Breach: FBI Investigating Threat Against Express Scripts Customers. QUOTE: One of the nation's largest processors of pharmacy prescriptions said this week that extortionists are threatening to disclose personal and medical information about millions of Americans if the company fails to meet payment demands. | Washington Post |
| Jan 18, 2008 | Hackers Cut Cities' Power. QUOTE: Cyber-security experts have long warned of the vulnerability of critical infrastructure like power, transportation and water systems to malicious hackers. Friday hackers have penetrated power systems in several regions outside the U.S., and "in at least one case, caused a power outage affecting multiple cities. | Forbes |
| Aug 22, 2007 | America's Hackable Backbone. QUOTE: But because SCADA systems are largely owned by the private sector, critical infrastructure like power plants and water systems may remain vulnerable until the problem affects profits--or leads to disaster. Christy argues that we can't wait that long: His unofficial opinion is that SCADA needs government regulation. | |